devmtl
(Pascal Andy)
1
Hello folks!
I use Caddy in Prod and I’m looking to add some features to my docker container. It’s based on this project.
I don’t use it as a proxy but only to host a pure static website. No auth or anything fancy.
My basic Caddyfile (working)
:2015 {
    root /srv
}
WIP Caddyfile (not working)
Here I want to add gzip + headers.
gzip
:2015 {
    root /srv
    header / {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
        X-Xss-Protection "1; mode=block";
        X-Content-Type-Options "nosniff";
        X-Frame-Options "DENY";
        Content-Security-Policy "upgrade-insecure-requests";
        Referrer-Policy "strict-origin-when-cross-origin";
        Feature-Policy "accelerometer 'none' ; ambient-light-sensor 'none' ; autoplay 'self' ; camera 'none' ; encrypted-media 'none' ; fullscreen 'self' ; geolocation 'none' ; gyroscope 'none' ; magnetometer 'none' ; microphone 'none' ; midi 'none' ; payment 'none' ; picture-in-picture * ; speaker 'none' ; sync-xhr 'none' ; usb 'none' ; vr 'none'";
        Cache-Control "public, max-age=0, must-revalidate";
        Content-Type "text/html; charset=UTF-8"
    }
}
Can you guys see what’s wrong?
Cheers!
P
magikstm
(Magikstm)
2
devmtl
(Pascal Andy)
3
This works.
:2015 {
    root /srv
    gzip
    cache
}
Now let’s add the header. This is not working :-/
:2015 {
    root /srv
    gzip
    cache
    header / {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
        X-Xss-Protection "1; mode=block";
        X-Content-Type-Options "nosniff";
        X-Frame-Options "DENY";
        Content-Security-Policy "upgrade-insecure-requests";
        Referrer-Policy "strict-origin-when-cross-origin";
        Feature-Policy "accelerometer 'none' ; ambient-light-sensor 'none' ; autoplay 'self' ; camera 'none' ; encrypted-media 'none' ; fullscreen 'self' ; geolocation 'none' ; gyroscope 'none' ; magnetometer 'none' ; microphone 'none' ; midi 'none' ; payment 'none' ; picture-in-picture * ; speaker 'none' ; sync-xhr 'none' ; usb 'none' ; vr 'none'";
        Cache-Control "public, max-age=0, must-revalidate";
        Content-Type "text/html; charset=UTF-8"
    }
}
devmtl
(Pascal Andy)
4
Clearly something is wrong with the header section.
devmtl
(Pascal Andy)
5
Finally, I got it!
:2015 {
    root /srv
    cache {
        default_max_age 15m
        path /caddycache
    }
    gzip {
        level 9
        min_length 1
    }
    header / {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Xss-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Content-Security-Policy "upgrade-insecure-requests"
        Referrer-Policy "strict-origin-when-cross-origin"
        Cache-Control "public, max-age=15, must-revalidate"
        Content-Type "text/html; charset=UTF-8"
        Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture *; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'"
    }
}
1 Like
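Editor's added example, not part of the thread and not Caddy's own code: in the header block that works, no `;` follows the closing quote of any value, while every failing version has one. The sketch below lints a Caddyfile for that pattern. It assumes a simplified token model (whitespace separates tokens, a double-quoted run is one token that ends at its closing quote) and that a line inside a `header` block may hold only a field name and one value; `tokenize` and `lint_header_blocks` are hypothetical names.

```python
import re


def tokenize(line):
    """Simplified Caddyfile tokens: whitespace-separated; "..." is one token
    that ends at its closing quote (escapes are not modelled)."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in re.finditer(r'"([^"]*)"|(\S+)', line)]


def lint_header_blocks(caddyfile):
    """Return (line_no, field, extra_tokens) for every line inside a
    `header <path> {` block that has more than a field name and one value."""
    findings, in_header = [], False
    for no, line in enumerate(caddyfile.splitlines(), 1):
        toks = tokenize(line)
        if not toks or toks[0].startswith("#"):
            continue                      # blank line or comment
        if not in_header:
            in_header = toks[0] == "header" and toks[-1] == "{"
        elif toks == ["}"]:
            in_header = False             # end of the header block
        elif len(toks) > 2:
            findings.append((no, toks[0], toks[2:]))
    return findings


# Constructed sample: a shortened copy of the failing block from the thread.
BROKEN = """:2015 {
    root /srv
    header / {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
        X-Xss-Protection "1; mode=block";
        X-Frame-Options "DENY";
        Content-Type "text/html; charset=UTF-8"
    }
}"""
FIXED = BROKEN.replace('";', '"')  # same block without the trailing ';'

if __name__ == "__main__":
    for no, field, extra in lint_header_blocks(BROKEN):
        print(f"line {no}: {field} has unexpected trailing token(s) {extra}")
```

Semicolons inside the quotes are part of the header value and are not flagged; only a token left over after the closing quote is.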